📄 snort_httpinspect.c
字号:
char *ErrorString, int ErrStrLen){ char *pcToken; int post_depth; char *pcEnd; pcToken = strtok(NULL, CONF_SEPARATORS); if(pcToken == NULL) { SnortSnprintf(ErrorString, ErrStrLen, "No argument to '%s' token.", POST_DEPTH); return -1; } post_depth = strtol(pcToken, &pcEnd, 10); if(*pcEnd) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'.", POST_DEPTH); return -1; } /* 0 means 'any depth' */ if(post_depth < 0 || post_depth > 65536) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'. Must be between 0 and " "65536.", POST_DEPTH); return -1; } ServerConf->post_depth = post_depth; return 0;}/*** NAME** ProcessChunkLength::*//**** Process and verify the chunk length for the server configuration.** ** @param ServerConf pointer to the server configuration** @param ErrorString error string buffer** @param ErrStrLen the length of the error string buffer**** @return an error code integer ** (0 = success, >0 = non-fatal error, <0 = fatal error)**** @retval 0 successs** @retval -1 generic fatal error** @retval 1 generic non-fatal error*/static int ProcessChunkLength(HTTPINSPECT_CONF *ServerConf, char *ErrorString, int ErrStrLen){ char *pcToken; int iChunkLength; char *pcEnd; pcToken = strtok(NULL, CONF_SEPARATORS); if(pcToken == NULL) { SnortSnprintf(ErrorString, ErrStrLen, "No argument to '%s' token.", CHUNK_LENGTH); return -1; } iChunkLength = strtol(pcToken, &pcEnd, 10); if(*pcEnd) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'.", CHUNK_LENGTH); return -1; } if(iChunkLength < 0) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'.", CHUNK_LENGTH); return -1; } ServerConf->chunk_length = iChunkLength; return 0;}/*** NAME** ProcessConfOpt::*//**** Set the CONF_OPT on and alert fields.**** We check to make sure of valid parameters and then** set the appropriate fields. Not much more to it, than** that.**** @param ConfOpt pointer to the configuration option** @param Option character pointer to the option being configured** @param ErrorString error string buffer** @param ErrStrLen the length of the error string buffer**** @return an error code integer ** (0 = success, >0 = non-fatal error, <0 = fatal error)**** @retval 0 successs** @retval -1 generic fatal error** @retval 1 generic non-fatal error*/static int ProcessConfOpt(HTTPINSPECT_CONF_OPT *ConfOpt, char *Option, char *ErrorString, int ErrStrLen){ char *pcToken; pcToken = strtok(NULL, CONF_SEPARATORS); if(pcToken == NULL) { SnortSnprintf(ErrorString, ErrStrLen, "No argument to token '%s'.", Option); return -1; } /* ** Check for the alert value */ if(!strcmp(BOOL_YES, pcToken)) { ConfOpt->alert = 1; } else if(!strcmp(BOOL_NO, pcToken)) { ConfOpt->alert = 0; } else { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to token '%s'.", Option); return -1; } ConfOpt->on = 1; return 0;}/*** NAME** ProcessNonRfcChar::*//***** Configure any characters that the user wants alerted on in the** URI.**** This function allocates the memory for CONF_OPT per character and** configures the alert option.**** @param ConfOpt pointer to the configuration option** @param ErrorString error string buffer** @param ErrStrLen the length of the error string buffer**** @return an error code integer ** (0 = success, >0 = non-fatal error, <0 = fatal error)**** @retval 0 successs** @retval -1 generic fatal error** @retval 1 generic non-fatal error*/static int ProcessNonRfcChar(HTTPINSPECT_CONF *ServerConf, char *ErrorString, int ErrStrLen){ char *pcToken; char *pcEnd; int iChar; int iEndChar = 0; pcToken = strtok(NULL, CONF_SEPARATORS); if(!pcToken) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid '%s' list format.", NON_RFC_CHAR); return -1; } if(strcmp(START_PORT_LIST, pcToken)) { SnortSnprintf(ErrorString, ErrStrLen, "Must start a '%s' list with the '%s' token.", NON_RFC_CHAR, START_PORT_LIST); return -1; } while ((pcToken = strtok(NULL, CONF_SEPARATORS)) != NULL) { if(!strcmp(END_PORT_LIST, pcToken)) { iEndChar = 1; break; } iChar = strtol(pcToken, &pcEnd, 16); if(*pcEnd) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'. Must be a single character.", NON_RFC_CHAR); return -1; } if(iChar < 0 || iChar > 255) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid character value to '%s'. Must be a single " "character no greater than 255.", NON_RFC_CHAR); return -1; } ServerConf->non_rfc_chars[iChar] = 1; } if(!iEndChar) { SnortSnprintf(ErrorString, ErrStrLen, "Must end '%s' configuration with '%s'.", NON_RFC_CHAR, END_PORT_LIST); return -1; } return 0;}/*** NAME** ProcessWhitespaceChars::*//***** Configure any characters that the user wants to be treated as** whitespace characters before and after a URI.****** @param ServerConf pointer to the server configuration structure** @param ErrorString error string buffer** @param ErrStrLen the length of the error string buffer**** @return an error code integer ** (0 = success, >0 = non-fatal error, <0 = fatal error)**** @retval 0 successs** @retval -1 generic fatal error** @retval 1 generic non-fatal error*/static int ProcessWhitespaceChars(HTTPINSPECT_CONF *ServerConf, char *ErrorString, int ErrStrLen){ char *pcToken; char *pcEnd; int iChar; int iEndChar = 0; pcToken = strtok(NULL, CONF_SEPARATORS); if(!pcToken) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid '%s' list format.", WHITESPACE); return -1; } if(strcmp(START_PORT_LIST, pcToken)) { SnortSnprintf(ErrorString, ErrStrLen, "Must start a '%s' list with the '%s' token.", WHITESPACE, START_PORT_LIST); return -1; } while ((pcToken = strtok(NULL, CONF_SEPARATORS)) != NULL) { if(!strcmp(END_PORT_LIST, pcToken)) { iEndChar = 1; break; } iChar = strtol(pcToken, &pcEnd, 16); if(*pcEnd) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid argument to '%s'. Must be a single character.", WHITESPACE); return -1; } if(iChar < 0 || iChar > 255) { SnortSnprintf(ErrorString, ErrStrLen, "Invalid character value to '%s'. Must be a single " "character no greater than 255.", WHITESPACE); return -1; } ServerConf->whitespace[iChar] = HI_UI_CONFIG_WS_BEFORE_URI; } if(!iEndChar) { SnortSnprintf(ErrorString, ErrStrLen, "Must end '%s' configuration with '%s'.", WHITESPACE, END_PORT_LIST); return -1; } return 0;}/*** NAME** ProcessServerConf::*//**** Process the global server configuration.**** Take the configuration and translate into the global server** configuration. We also check for any configuration errors and** invalid keywords.**** @param ServerConf pointer to the server configuration** @param ErrorString error string buffer** @param ErrStrLen the length of the error string buffer**** @return an error code integer ** (0 = success, >0 = non-fatal error, <0 = fatal error)**** @retval 0 successs** @retval -1 generic fatal error** @retval 1 generic non-fatal error*/static int ProcessServerConf(HTTPINSPECT_GLOBAL_CONF *GlobalConf, HTTPINSPECT_CONF *ServerConf, char *ErrorString, int ErrStrLen){ char *pcToken; int iRet; int iPorts = 0; HTTPINSPECT_CONF_OPT *ConfOpt; /* ** Check for profile keyword first, it's the only place in the ** configuration that is correct. */ pcToken = strtok(NULL, CONF_SEPARATORS); if(pcToken == NULL) { SnortSnprintf(ErrorString, ErrStrLen, "No tokens to '%s' configuration.", GLOBAL); return 1; } if(!strcmp(PROFILE, pcToken)) { iRet = ProcessProfile(GlobalConf, ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } pcToken = strtok(NULL, CONF_SEPARATORS); if(pcToken == NULL) { SnortSnprintf(ErrorString, ErrStrLen, "No port list to the profile token."); return -1; } do { if(!strcmp(PORTS, pcToken)) { iRet = ProcessPorts(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } iPorts = 1; } else if(!strcmp(IIS_UNICODE_MAP, pcToken)) { iRet = ProcessIISUnicodeMap(&ServerConf->iis_unicode_map, &ServerConf->iis_unicode_map_filename, &ServerConf->iis_unicode_codepage, ErrorString,ErrStrLen); if (iRet) { return -1; } } else if(!strcmp(ALLOW_PROXY, pcToken)) { ServerConf->allow_proxy = 1; } else if(!strcmp(FLOW_DEPTH, pcToken)) { iRet = ProcessFlowDepth(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(POST_DEPTH, pcToken)) { iRet = ProcessPostDepth(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(GLOBAL_ALERT, pcToken)) { ServerConf->no_alerts = 1; } else if(!strcmp(OVERSIZE_DIR, pcToken)) { iRet = ProcessOversizeDir(ServerConf, ErrorString, ErrStrLen); if (iRet) { return iRet; } } else if(!strcmp(INSPECT_URI_ONLY, pcToken)) { ServerConf->uri_only = 1; } else { SnortSnprintf(ErrorString, ErrStrLen, "Invalid token while configuring the profile token. " "The only allowed tokens when configuring profiles " "are: '%s', '%s', '%s', '%s', '%s', '%s', and '%s'.", PORTS,IIS_UNICODE_MAP, ALLOW_PROXY, FLOW_DEPTH, GLOBAL_ALERT, OVERSIZE_DIR, INSPECT_URI_ONLY); return -1; } } while ((pcToken = strtok(NULL, CONF_SEPARATORS)) != NULL); if(!iPorts) { SnortSnprintf(ErrorString, ErrStrLen, "No port list to the profile token."); return -1; } return 0; } /* ** If there is no profile configuration then we go into the hard-core ** configuration. */⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -